cnat_client_destroy (cnat_client_t * cc)
{
ASSERT (!cnat_client_is_clone (cc));
- if (!(cc->flags & CNAT_FLAG_EXCLUSIVE))
- {
- ASSERT (fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
- fib_table_entry_delete_index (cc->cc_fei, cnat_fib_source);
- }
+
+ ASSERT (fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
+ fib_table_entry_delete_index (cc->cc_fei, cnat_fib_source);
+
cnat_client_db_remove (cc);
dpo_reset (&cc->cc_parent);
pool_put (cnat_client_pool, cc);
cnat_client_ip4_find (&ip->ip4) : cnat_client_ip6_find (&ip->ip6));
ASSERT (NULL != cc);
- if ((0 == cnat_client_uncnt_session (cc))
- && (cc->flags & CNAT_FLAG_EXPIRES) && (0 == cc->tr_refcnt))
+ if (0 == cnat_client_uncnt_session (cc) && 0 == cc->tr_refcnt)
cnat_client_destroy (cc);
}
/* This processes ips stored in the throttle pool
to update session refcounts
and should be called before cnat_client_free_by_ip */
- vlib_thread_main_t *tm = vlib_get_thread_main ();
cnat_client_t *cc;
- int nthreads;
- u32 *del_vec = NULL, *ai;
- ip_address_t *addr;
- nthreads = tm->n_threads + 1;
- for (int i = 0; i < nthreads; i++)
- {
- vec_reset_length (del_vec);
- clib_spinlock_lock (&cnat_client_db.throttle_pool_lock[i]);
- /* *INDENT-OFF* */
- pool_foreach (addr, cnat_client_db.throttle_pool[i]) {
- cc = (AF_IP4 == addr->version ?
- cnat_client_ip4_find (&ip_addr_v4(addr)) :
- cnat_client_ip6_find (&ip_addr_v6(addr)));
- /* Client might not already be created */
- if (NULL != cc)
- {
- cnat_client_cnt_session (cc);
- vec_add1(del_vec, addr - cnat_client_db.throttle_pool[i]);
- }
- }
- /* *INDENT-ON* */
- vec_foreach (ai, del_vec)
+ ip_address_t *addr, *del_vec = NULL;
+ u32 refcnt;
+
+ vec_reset_length (del_vec);
+ clib_spinlock_lock (&cnat_client_db.throttle_lock);
+ hash_foreach_mem (addr, refcnt, cnat_client_db.throttle_mem, {
+ cc = (AF_IP4 == addr->version ? cnat_client_ip4_find (&ip_addr_v4 (addr)) :
+ cnat_client_ip6_find (&ip_addr_v6 (addr)));
+ /* Client might not already be created */
+ if (NULL != cc)
{
- addr = pool_elt_at_index (cnat_client_db.throttle_pool[i], *ai);
- pool_put (cnat_client_db.throttle_pool[i], addr);
+ cnat_client_t *ccp = cnat_client_get (cc->parent_cci);
+ clib_atomic_add_fetch (&ccp->session_refcnt, refcnt);
+ vec_add1 (del_vec, *addr);
}
- clib_spinlock_unlock (&cnat_client_db.throttle_pool_lock[i]);
- }
+ });
+ vec_foreach (addr, del_vec)
+ hash_unset_mem_free (&cnat_client_db.throttle_mem, addr);
+ clib_spinlock_unlock (&cnat_client_db.throttle_lock);
}
void
return;
cc = cnat_client_get (cci);
- ASSERT (!(cc->flags & CNAT_FLAG_EXPIRES));
cc->tr_refcnt++;
}
return;
cc = cnat_client_get (cci);
- ASSERT (!(cc->flags & CNAT_FLAG_EXPIRES));
cc->tr_refcnt--;
if (0 == cc->tr_refcnt && 0 == cc->session_refcnt)
}
void
-cnat_client_learn (const cnat_learn_arg_t * l)
+cnat_client_learn (const ip_address_t *addr)
{
/* RPC call to add a client from the dataplane */
index_t cci;
cnat_client_t *cc;
- cci = cnat_client_add (&l->addr, CNAT_FLAG_EXPIRES);
+ cci = cnat_client_add (addr, 0 /* flags */);
cc = pool_elt_at_index (cnat_client_pool, cci);
cnat_client_cnt_session (cc);
/* Process throttled calls if any */
int
cnat_client_purge (void)
{
- vlib_thread_main_t *tm = vlib_get_thread_main ();
- int nthreads;
- nthreads = tm->n_threads + 1;
- ASSERT (0 == hash_elts (cnat_client_db.crd_cip6));
- ASSERT (0 == hash_elts (cnat_client_db.crd_cip4));
- ASSERT (0 == pool_elts (cnat_client_pool));
- for (int i = 0; i < nthreads; i++)
- {
- ASSERT (0 == pool_elts (cnat_client_db.throttle_pool[i]));
- }
- return (0);
+ int rv = 0, rrv = 0;
+ if ((rv = hash_elts (cnat_client_db.crd_cip6)))
+ clib_warning ("len(crd_cip6) isnt 0 but %d", rv);
+ rrv |= rv;
+ if ((rv = hash_elts (cnat_client_db.crd_cip4)))
+ clib_warning ("len(crd_cip4) isnt 0 but %d", rv);
+ rrv |= rv;
+ if ((rv = pool_elts (cnat_client_pool)))
+ clib_warning ("len(cnat_client_pool) isnt 0 but %d", rv);
+ rrv |= rv;
+ if ((rv = hash_elts (cnat_client_db.throttle_mem)))
+ clib_warning ("len(throttle_mem) isnt 0 but %d", rv);
+ rrv |= rv;
+ return (rrv);
}
u8 *
s = format (s, "[%d] cnat-client:[%U] tr:%d sess:%d", cci,
format_ip_address, &cc->cc_ip,
cc->tr_refcnt, cc->session_refcnt);
- if (cc->flags & CNAT_FLAG_EXPIRES)
- s = format (s, " expires");
if (cc->flags & CNAT_FLAG_EXCLUSIVE)
s = format (s, " exclusive");
if (INDEX_INVALID == cci)
{
- /* *INDENT-OFF* */
pool_foreach_index (cci, cnat_client_pool)
vlib_cli_output(vm, "%U", format_cnat_client, cci, 0);
- /* *INDENT-ON* */
vlib_cli_output (vm, "%d clients", pool_elts (cnat_client_pool));
vlib_cli_output (vm, "%d timestamps", pool_elts (cnat_timestamps));
if (0 == cc->cc_locks)
{
ASSERT (cnat_client_is_clone (cc));
+ dpo_reset (&cc->cc_parent);
pool_put (cnat_client_pool, cc);
}
}
static clib_error_t *
cnat_client_init (vlib_main_t * vm)
{
- vlib_thread_main_t *tm = vlib_get_thread_main ();
- int nthreads = tm->n_threads + 1;
- int i;
cnat_client_dpo = dpo_register_new_type (&cnat_client_dpo_vft,
cnat_client_dpo_nodes);
sizeof (ip6_address_t),
sizeof (uword));
- vec_validate (cnat_client_db.throttle_pool, nthreads);
- vec_validate (cnat_client_db.throttle_pool_lock, nthreads);
- for (i = 0; i < nthreads; i++)
- clib_spinlock_init (&cnat_client_db.throttle_pool_lock[i]);
+ clib_spinlock_init (&cnat_client_db.throttle_lock);
+ cnat_client_db.throttle_mem =
+ hash_create_mem (0, sizeof (ip_address_t), sizeof (uword));
return (NULL);
}
if (NULL == cc)
{
- u64 r0 = 17;
- if (AF_IP4 == ctx->af)
- r0 = (u64) session->value.cs_ip[VLIB_RX].ip4.as_u32;
- else
- {
- r0 = r0 * 31 + session->value.cs_ip[VLIB_RX].ip6.as_u64[0];
- r0 = r0 * 31 + session->value.cs_ip[VLIB_RX].ip6.as_u64[1];
- }
+ ip_address_t addr;
+ uword *p;
+ u32 refcnt;
+
+ addr.version = ctx->af;
+ ip46_address_copy (&addr.ip, &session->value.cs_ip[VLIB_RX]);
+
+ /* Throttle */
+ clib_spinlock_lock (&cnat_client_db.throttle_lock);
- /* Rate limit */
- if (!throttle_check (&cnat_throttle, ctx->thread_index, r0, ctx->seed))
+ p = hash_get_mem (cnat_client_db.throttle_mem, &addr);
+ if (p)
{
- cnat_learn_arg_t l;
- l.addr.version = ctx->af;
- ip46_address_copy (&l.addr.ip, &session->value.cs_ip[VLIB_RX]);
- /* fire client create to the main thread */
- vl_api_rpc_call_main_thread (cnat_client_learn,
- (u8 *) & l, sizeof (l));
+ refcnt = p[0] + 1;
+ hash_set_mem (cnat_client_db.throttle_mem, &addr, refcnt);
}
else
- {
- /* Will still need to count those for session refcnt */
- ip_address_t *addr;
- clib_spinlock_lock (&cnat_client_db.throttle_pool_lock
- [ctx->thread_index]);
- pool_get (cnat_client_db.throttle_pool[ctx->thread_index], addr);
- addr->version = ctx->af;
- ip46_address_copy (&addr->ip, &session->value.cs_ip[VLIB_RX]);
- clib_spinlock_unlock (&cnat_client_db.throttle_pool_lock
- [ctx->thread_index]);
- }
+ hash_set_mem_alloc (&cnat_client_db.throttle_mem, &addr, 0);
+
+ clib_spinlock_unlock (&cnat_client_db.throttle_lock);
+
+ /* fire client create to the main thread */
+ if (!p)
+ vl_api_rpc_call_main_thread (cnat_client_learn, (u8 *) &addr,
+ sizeof (addr));
}
else
{
vlib_buffer_t **b = bufs;
u16 nexts[VLIB_FRAME_SIZE], *next;
f64 now;
- u64 seed;
thread_index = vm->thread_index;
from = vlib_frame_vector_args (frame);
next = nexts;
vlib_get_buffers (vm, from, bufs, n_left);
now = vlib_time_now (vm);
- seed = throttle_seed (&cnat_throttle, thread_index, vlib_time_now (vm));
cnat_session_t *session[4];
clib_bihash_kv_40_48_t bkey[4], bvalue[4];
u64 hash[4];
int rv[4];
- cnat_node_ctx_t ctx = { now, seed, thread_index, af, do_trace };
+ cnat_node_ctx_t ctx = { now, thread_index, af, do_trace };
if (n_left >= 8)
{